CVE-2023-44194

Summary

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.

This issue affects Juniper Networks Junos OS:

  • All versions prior to 20.4R3-S5;
  • 21.1 versions prior to 21.1R3-S4;
  • 21.2 versions prior to 21.2R3-S4;
  • 21.3 versions prior to 21.3R3-S3;
  • 21.4 versions prior to 21.4R3-S1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 20.4R3-S5affected
Juniper NetworksJunos OS21.1 < 21.1R3-S4affected
Juniper NetworksJunos OS21.2 < 21.2R3-S4affected
Juniper NetworksJunos OS21.3 < 21.3R3-S3affected
Juniper NetworksJunos OS21.4 < 21.4R3-S1affected

Weaknesses

  • CWE-276: CWE-276 Incorrect Default Permissions

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References